Intrusion Prevention

Netscape.Navigator.URI.Handlers.Code.Execution

Description

A vulnerability has been identified in Netscape Navigator, which could be exploited by attackers to take complete control of an affected system with MS Internet Explorer 7 installed. This issue is caused by an input validation error when processing specially crafted arguments passed to certain registered URI handlers (e.g. "mailto:"). It could be exploited by remote attackers to inject and execute arbitrary commands, by tricking a user into visiting a specially crafted web page using a vulnerable browser.

Affected Products

Netscape version 9.0 and prior.

Impact

System compromise.

Recommended Actions

We are not aware of any officially releaseed patch or update.